Five Basics For Backing Up Client Data

[If you've already read the first part of this column from our print issue,
you can click here to jump to the bonus online content.]

Ever since the computerization of America in the early 1980s, technology experts
have been preaching the gospels of data safety, especially the use of virus
protection systems and data backup.

You know why data backup is important, of course, but how vigilant are you
in practicing what you know is a mission-critical issue? If your computer or
server crashed right now, how much of your work would you lose? A day? A week?
More?

If your computing systems were damaged by weather, fire or theft on April
1 of next year, would you survive tax season? Would your professional reputation,
your client relationships and you’re your practice survive to see the
next year? Backing up your computer files and having a way to retrieve them
quickly is that important.

WHY LOCAL BACKUP IS NOT SAFE
There have been many variations on data backup over the years, most essentially
being what’s referred to as local backup, meaning that the data is kept
totally within the walls of the practice, or at least with them.

As an example of the most basic level of local backup, many professional tax
and accounting systems have included for years what they called backup functions.
But most of these simply keep a duplicate copy of some data on the same computer.
This may be better than nothing, since at least if the original file gets damaged,
the copy is available, but when the problem is a crashed hard drive or permanently
damaged computer or server, this kind of backup offers no protection.

Other examples of local backup have included tape drives and CD-based systems,
with users performing a manual backup routine at the end of the day. There would
usually be at least a few different tapes or CDs, sometimes one for each day
of the week, which the users would copy information to and then take home with
them or store someplace within the firm. External hard drives also fit into
the local backup category. Essentially, these systems perform backup to an external
device that is usually located alongside the computer, with data transferred
via USB cable. External systems at least protected against computer failures,
but the information was usually still in the same office and, therefore, still
vulnerable to the other issues of weather, fire, theft or sabotage by a disgruntled
staff member.

WHY WEB-BASED BACKUP IS BETTER
Tax and accounting professionals have long been leery of relinquishing “control”
of their client data to anybody, anywhere. At some level, this is a matter of
self-preservation, but the skepticism regarding web-based remote backup is also
due to the wrongly believed notion that the data is safer in the professional’s
office.

After all, we see and read news of identity theft all the time, and no professional
wants to be at fault for exposing his or her clients’ information. The
truth, however, is that there are far more potential risks to your data at your
office, including crashes, fire, sabotage, theft or employee negligence (like
leaving the program open and exposed to other staff, maintenance or other persons).

The point is, whether or not a firm uses web-based backup,
any of these things can happen to their client data. But for practices with
their data securely stored at a remote location, it can be easily retrieved
and staff can get back to work. With many web-based remote backup systems on
the market, the data is even stored at more than one location, meaning that
even regional disasters won’t result in lost data.

Security: What to Look For
The key to web-based backup systems is in the security protocols used. Fortunately,
the AICPA essentially wrote the rules and set the standards on what “secure”
means when it comes to data security. The SAS 70 Type II accreditation certification
is essentially the stamp of approval that professionals should look for. To
achieve this accreditation, the data centers where information is stored, and
the hosting companies themselves, are inspected for the use of many layers of
data protection, including encryption technologies, physical security, personnel
backgrounds, access rights and even building construction.

There are many web-based backup options available, but the SAS 70 Type II accreditation
is a key to identifying systems designed for professional use. Also to look
for are backup systems that offer higher storage capacity than consumer-level
products, and the ability of the system to automatically find specific types
of files, such as QBW, QBB or your tax program’s data file extensions.
Although web-based backup systems compress the files, they can still be quite
large when dealing with dozens of clients and other programs, so even small
practices should look for at least 40-GB of capacity.

Encryption Basics
Encryption refers to the scrambling of data into an unrecognizable and meaningless
jumble of characters. Essentially a random secret code. While companies achieving
the above certification must demonstrate high-level encryption of data (generally
at least 128-bit encryption or higher), another issue to consider is when and
where that data is encrypted, since the company only has to demonstrate that
it is safe when while in their control. In other words, how safe is it when
the data is being sent to them and received from them?

With web-based backup systems, data travels over the Internet. And we all know
what a back alley place that can be. So professionals should use a system that
encrypts the data before it leaves their computers or servers, and stays encrypted
at all times until they receive it back.

Automated Backup
The weakest link in the backup chain has always been the human users. The old
backup systems like CD, tape and even external hard drives were pretty good
at backing up data, but because they often required complex setup and configuration,
manual processes and daily operation by someone in the office, they weren’t
always used as religiously as they should have been. Remember, a backup system
only works if it’s used.

Fortunately, the new generation of web-based backup systems help automate the
processes. After setting up the system and telling it what folders or kinds
of files you want it to save, the systems can automatically search and backup
that data to the secure data center, and usually when the computer is not being
used, which means it won’t slow down client work.

With the smarter backup systems on the market, the brief setup tasks are all
that the user ever has to do, although tools are available if the user wants
to verify backups and test the system. So, after setting it up, there’s
no continuing need to remember to perform the backup or wondering how up-to-date
the backups are. This hands-off approach is the best approach, because it removes
the possibility of human error or forgetfulness, while automatically ensuring
that backups are performed.

Backing up client and firm data no longer has to be the chore it once was.
With automated web-based backup, professionals can basically “set it and
forget it,” while knowing that if technical or natural disaster visits,
the data is safe and can be retrieved.